PROGRAM class is defined without flags.
For example,
editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody')
After upgrade this application, this app blocks to run as untrusted.
In audit log:
D MMM YYYY hh:mm:ss D PROGRAM user01 Exec 250 2 /Full/path/to/app /usr/bin/bash srchost
Why this command is blocked although user does not set flag?
After defined this rule, editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody')
flags set as all as default.
ata for PROGRAM '/Full/path/to/app'
-----------------------------------------------------------
Defaccess : X
...
Trusted Pgm Info : Mtime, Ctime, Mode, Size, Device, Inode, Crc, Sha1, Sha256, Sha384, Sha512, Owner, Group
Then, when app is updated, it checking by PAMSC and set untrust.
So, it blocked to run with setting as blockrun.
Release : 14.1
Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX
if you want to skip this check, rule is defined with flags(none).
editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody') flags(none)